On Mon, 20 Sep 2010, Chuck Campbell wrote:
> > enabled). Is SA integrated in your mail system in a way that it "knows"
>
> Not sure where to enable this. Will dig more in the docs.
>
> > the user name of the recipient? (some integration methods do not make that
> > info avaialble to SA so the per
On Mon, 20 Sep 2010 20:03:43 +0200
Yves Goergen wrote:
> I'm currently testing a rather simple fix: I've added the following
> line to Botnet.cf to ignore anything from IPv6 (hope it works):
Alternately you can do this by rewriting the BOTNET rule as a
metarule (see Botnet.variants.txt) and
On Sat, Sep 18, 2010 at 06:46:18PM -0500, Dave Funk wrote:
> On Sat, 18 Sep 2010, Chuck Campbell wrote:
>
> >I have SA set up and working (mostly) on my mail machine, however I've put
> >the
> >following into my user_prefs:
> >
> >whitelist_from *...@zyngamail.com
> >and
> >whitelist_from_rcvd *.
Hi there,
I've been upgrading to IPv6 yesterday and needed to find out that the
Botnet plugin causes false positives on every message that comes in from
an IPv6 address. The only information that I've found on that was a
thread from January 2010 [1] that contains some debug output and a "good
luck
Michael,
> these new dkim tests confuse me :-)
> DKIM_ADSP_DISCARD=1.8
> seems like it decided this is a forged email?
It is implemented as per RFC 5617.
> seems ok to me. I can pastebin it if someone wants.
> spf pass, dkim passes (dkim_valid), rcvd_in_rp_certified,
> rcvd_in_dnswl_med, rdns a
these new dkim tests confuse me :-)
DKIM_ADSP_DISCARD=1.8
seems like it decided this is a forged email?
seems ok to me. I can pastebin it if someone wants.
spf pass, dkim passes (dkim_valid), rcvd_in_rp_certified,
rcvd_in_dnswl_med, rdns and envelope from seem to match.
AH.. braniacs at eba
On 20/09/10 15:28, Bowie Bailey wrote:
You can get rid of the 'backslashitis' by using a different delimiter.
uri URI_BITLY_BLOCKED m~^http://bit\.ly/a/warning~i
You still need to escape the period, but since the tilde (~) is now the
delimiter rather than the slash, you don't need to escape
On 20/09/10 16:17, Michael Scheidell wrote:
On 9/20/10 8:15 AM, Steve Freegard wrote:
Caching; if desired it will now cache URLs to a SQLite database for
additional speed-up and to prevent DoS of the shortener services.
any anticipated write lock problems with this due to sqlite not handling
On 9/20/10 8:15 AM, Steve Freegard wrote:
Caching; if desired it will now cache URLs to a SQLite database for
additional speed-up and to prevent DoS of the shortener services.
any anticipated write lock problems with this due to sqlite not handling
multi-threaded reads/writes?
most (many?) SA i
Cédric Jeanneret wrote:
Hello,
I have an error with SA using autolearn plugin:
Sep 20 12:25:06 hostname spamd[6157]: plugin: eval failed: bayes: (in
learn) locker: safe_lock: cannot create tmp lockfile
/home/USER/.spamassassin/bayes.lock.host.domain.ltd.6157 for
/home/USER/.spamassassin/bayes.lo
On 9/20/2010 8:15 AM, Steve Freegard wrote:
> On 17/09/10 14:48, RW wrote:
>>
>> I think it might be better to take the "blocked page" handling out of
>> the perl and turn it into an ordinary uri rule.
>>
>
> Yeah; really don't know why I did it like that in the first place.
>
> I've just uploaded
On Mon, 20 Sep 2010, Cédric Jeanneret wrote:
I have an error with SA using autolearn plugin:
Sep 20 12:25:06 hostname spamd[6157]: plugin: eval failed: bayes: (in
learn) locker: safe_lock: cannot create tmp lockfile
/home/USER/.spamassassin/bayes.lock.host.domain.ltd.6157 for
/home/USER/.spamass
On Mon, 20 Sep 2010, Chip M. wrote:
The second part is a new-ish spin:
an image using "application/octet-stream" as the Content Type, but
otherwise sanely constructed (i.e. it has a full filename with
".jpg", which is the ACTUAL image encoding used, unlike some of his
previous morphs).
Dangit,
On Mon, 20 Sep 2010, Chip M. wrote:
On 19 Sep 2010, John Hardin wrote:
Adding to my sandbox for masscheck:
rawbody HTML_OBFU_ESC /document\.write\(unescape\("(?:%[0-9a-f]{2}){10}/i
It performs pretty well. It should be in the next rules update, under a
slightly different name (OBFU_JVSCR_ESC
On 17/09/10 14:48, RW wrote:
I think it might be better to take the "blocked page" handling out of
the perl and turn it into an ordinary uri rule.
Yeah; really don't know why I did it like that in the first place.
I've just uploaded version 0.2 which does it this way instead and adds
the fo
Hello,
I have an error with SA using autolearn plugin:
Sep 20 12:25:06 hostname spamd[6157]: plugin: eval failed: bayes: (in
learn) locker: safe_lock: cannot create tmp lockfile
/home/USER/.spamassassin/bayes.lock.host.domain.ltd.6157 for
/home/USER/.spamassassin/bayes.lock: Permission denied
Is
There's a new morph from our old nuisance, the inline PNG/RTF, and
all manner of wavy image insecure-boy-drugs spammer. :(
Here's a sample:
http://puffin.net/software/spam/samples/0009_jpg_oct.txt
It began (here) on Sep 10, and replaced his (relatively boring)
"Your wife photos attached"
On 19 Sep 2010, John Hardin wrote:
>> Adding to my sandbox for masscheck:
>>
>> rawbody HTML_OBFU_ESC /document\.write\(unescape\("(?:%[0-9a-f]{2}){10}/i
>
>It performs pretty well. It should be in the next rules update, under a
>slightly different name (OBFU_JVSCR_ESC).
Shiny!
How about com
Steve Freegard wrote:
>Hopefully it will be useful to others; you can grab it from:
Thanks Steve!
Suggestions (for future enhancements):
1. Consider splitting the list of shorteners between those that
are well established and KNOWN to be reasonably diligent, and
"all others" (e.g. the anti-patte
19 matches
Mail list logo